Three former GitHub executives and engineers have founded a new startup that brings the benefits of the most popular open source package manager to enterprises.
The startup, called Workbrew, has emerged from stealth today with a mission to reduce the risks of “shadow IT” practices, giving enterprise administrators and security teams central control and visibility into Homebrew deployments across their organizations. We provide To further its commercial push, the startup has raised $5 million from developer-focused VC firm Heavybit, Essence VC, Operator Collective, and a number of angels, including GitHub co-founder and former CEO Tom Preston-Werner. Collected funds.
Homebrew is a system-level open source package manager designed primarily for macOS with support for Linux that allows developers to easily install and maintain software libraries, command line tools (CLI), and other utilities. I'll make it. Of course, developers can also manually install this software themselves, but this can be a time-consuming task, especially if a particular package has a large number of dependencies required to run properly. there is. Homebrew does all this with one command, fetching all relevant components and keeping them up to date automatically. This is why Homebrew and its cousins are sometimes called “app stores for developers.”
Still, this is a problem for organizations keen to keep their developers happy and productive, but also aware of the security and compliance risks of giving their employees unfettered access to the world of open source software. It has become a headache for many. That's where Workbrew comes in.
Founded in 2023, Workbrew is the brainchild of CEO John Britton (pictured above, right), COO Vanessa Gennarelli (pictured above, center), and CTO Mike McQuaid. Britton has been contributing to Homebrew since 2014 and has held several senior positions at major tech companies, including director of developer marketing at GitHub, while Gennarelli most recently served as senior director of education at GitHub. I was there. McQuaid was previously GitHub's principal engineer and is one of the longest-serving maintainers of the Homebrew project itself.
“I spoke with companies of all sizes, from startups to large enterprises, who are currently using Homebrew, and I heard the same problem over and over again: As the number of devices in an organization grows, It makes it harder to deploy Homebrew,'' Britton told TechCrunch.
Supporting and servicing popular open source tools is a proven model. It's this model that led IBM to invest $34 billion in Red Hat, and countless startups have raised venture capital for products that increase the utility of established, community-driven projects. I did. . Homebrew has become a very popular tool since its introduction in 2009 and is currently installed on tens of millions of devices around the world, making it a good candidate to build your service on. Homebrew is the gold standard for package management on macOS.
But transforming Homebrew from a tool beloved by developers to one enthusiastically embraced by teams is the challenge Workbrew is focused on.
“Homebrew and its background are made available to individual developers of their choice as an open source project run by volunteers,” said Gennarelli. “What John, Mike, and I realized was that we needed to move from single-player to multiplayer.”
Workbrew dashboard. Image credit: Workbrew.
build a building on top
Workbrew essentially brings enterprise-level rigor to Homebrew deployments. A free plan is available that does not enforce any restrictions regarding user or device restrictions, and administrators can deploy Workbrew using any mobile device management (MDM) software. You can also access a fleet dashboard that supports basic vulnerability detection and displays data on devices, packages, licenses, and more.
In addition, Workbrew also features special integration with MDM software such as Jamf, Kandji, Fleet, and SimpleMDM, including automatic inventory synchronization. Information such as device owner and name is always the same in Workbrew and the MDM console. It is offered in a $10/month pro plan and includes other features such as remote management, policy enforcement, and advanced security tools.
There is also an Enterprise plan (customized pricing) that offers service level guarantees and additional features such as single sign-on (SSO) support and data residency with custom deployments.
Which plan a company prefers depends on its size and the industry in which it operates. Some plans may have more stringent security and compliance requirements than others. Even within a company, certain teams may need to adopt different security postures. Workbrew is designed to be flexible to meet these needs, he said.
Businesses are free to exercise whatever level of access control they desire, from very restrictive to an open-door philosophy where no restrictions are actually applied, but where businesses have visibility and control as needed. Masu. Controls can also be very specific. For example, if a user attempts to install a cryptocurrency miner, administrators can block it completely, send an alert, or initiate a formal approval process.
In the most extreme cases, companies may have strict vetting policies that require every package a developer attempts to install to be scanned and recorded as part of the audit trail. This can be important for certain highly regulated industries where compliance thresholds are high and you need to see all packages installed on a given device at a given time.
“The biggest thing I hear over and over again from IT and security professionals is that they don't know what they don't know,” Britton says. “We make it easy for businesses to get an overview of all packages installed on all devices across their fleet, including version information and vulnerabilities.”
Workbrew vulnerability alerts. Image credit: Workbrew
spent a long time brewing
In some ways, it's shocking that no one has yet built a commercial, enterprise-grade business using Homebrew. According to Britton, the reason boils down to three key factors that needed to align at the right time to make that happen.
“Growing an open source project was a necessary first step, and the second step was about the structure of Homebrew as an open source project. Over the years, it became more formalized and better handled. As a result, we are now able to do this,” Britton said.
In fact, many open source projects have little formal structure and are often maintained by a single individual or loose collective. Homebrew has its own governance, with committees and elections to decide who will lead the project. This stability and structure makes it easy to build a top-tier business, especially when one of the founders, CTO Mike McQuaid, has contributed to Homebrew since the beginning and led the project since 2016. Masu.
This brings us to the third key element that Britton feels is necessary to enable a business like Workbrew: having the right people at the right time with the right ideas. It is reflected.
“This is the perfect team to build this. The three of us have been building developer tools together at GitHub for nearly 10 years,” Britton says. “I previously worked at Twilio [Britton was employee number 13]Vanessa worked on Scratch [visual programming language from MIT]Mike has been contributing to Homebrew for 15 years. Solving these problems requires a very deep knowledge of how Homebrew works. ”
In fact, Britton and McQuaid have been talking about the possibility of a business around Homebrew for the better part of a decade, and investors have also approached them at various junctures to see if they want to build a business out of Homebrew. I was approaching them. But it just didn't make any sense, and McQuaid was also worried about ruining a project he'd put a lot of effort into.
“The project itself wasn't in a very mature state. I've been working on Homebrew for years, so it's very important to me,” McQuaid said. “And the problem was, no one had any idea what kind of business was actually going on here.”
But when their schedules aligned, Britton, Generelli, and McQuaid joined forces and paved the way for what would become Workbrew. They decided this wasn't some kind of “open core” business that would deplete the core project itself. It had to be about adding something to the mix that didn't exist before.
“Homebrew is well-positioned with a unique governance structure, and we know we have a real business here with a path to building a profitable company that delivers a lot of value to people.” Mr. McQuaid said. “It's a separate entity. We're incredibly integrated with Homebrew. We use unforked Homebrew, but we're not Homebrew. We're a workbrew.”
Workbrew launched a public beta in August and has attracted about 20 customers, including expense management provider Emburse and Vespa, a big data services engine spun out of Yahoo. Although the company is incorporated in the United States, it is completely remote. Our first employee is also one of Homebrew's most active maintainers and is based in the Shetland Islands off the coast of northern Scotland.
With $5 million in new money in the bank, Workbrew says it plans to “rapidly scale” its platform, building deeper integrations with MDM software and more “developer-focused features.” .
All of this depends on continued support for the core open source project itself. Finding funding for community projects like this has always been difficult, but recently there has been a rise in a variety of non-equity initiatives, including fellowships, grants, and pledges.
Homebrew's annual budget is about $120,000, and so far it's getting by with donations through GitHub sponsors and philanthropy from big-name donors like Airbnb and Bloomberg. This must continue for Workbrew to grow.
“Homebrew is now incredibly mature, sophisticated and autonomous,” Gennarelli says. “The success of Workbrew depends on Homebrew. We have a vested interest in the success of the project. Although our goals are aligned, we are completely different and one One is a non-profit organization, the other is a for-profit organization.”